If you've used Windows for
any length of time, you're familiar with the pop-up box that asks: Do
you want to allow this program to make changes to your computer? One
of the most commonly asked questions is: How do I know when to click
Yes and when to click No? The first step to determining the answer
to this question is to understand why this box is popping up in the
first place.
The simplest answer as to
why that box keeps popping up is that it is attempting to stop your
computer from installing malware without you knowing. Traditionally,
viruses and other malware would piggyback on a file that you wanted
to download in order to get into your computer. Once downloaded, the
malware would begin running processes in the background to embed
itself deep within your system. Microsoft has attempted to stop this
by building a protection into Windows called User Account Control
(UAC). UAC is designed to force any program that is trying to change
how your system runs to ask your permission before it's allowed
access. This limits the amount of damage that a virus can do without
alerting you that it's there. The trick is to know, when that box
pops up, whether it's something that you made happen or whether a
background program made it pop up. Once we determine that it's a background
program, we can figure out if it's something that is malicious, or if
there's a legitimate reason for that program to change your system.
First, let's rule out the
possibility that you triggered the UAC box to pop up with something
that you're doing. Here's a list of actions that will cause that box
to pop up:
- Running an Application as an Administrator
- Changes to system-wide settings or to files in %SystemRoot% or %ProgramFiles%
- Installing and uninstalling applications
- Installing device drivers
- Installing ActiveX controls
- Changing settings for Windows Firewall
- Changing UAC settings
- Configuring Windows Update
- Adding or removing user accounts
- Changing a user’s account type
- Configuring Parental Controls
- Running Task Scheduler
- Restoring backed-up system files
- Viewing or changing another user’s folders and files
- Running Disk Defragmenter
Running any utilities such
as CCleaner or Defraggler will trigger the box because these programs
are designed to perform one or more of these actions. Were you
running any utilities immediately before seeing that box pop up? If
so, there's a good chance that you triggered the UAC. In this case,
the system is just checking to make sure that you're aware of what
you're doing.
If you didn't try to
perform any of the listed actions and weren't opening a utility
program, then we know that a background process caused the box to pop
up. Now we have to determine if that process is malicious. The
easiest check is to look at the program name and publisher listed
in the pop-up box. Is it something that you recognize and know is
safe such as Adobe, Java or Firefox? Is your antivirus trying to
update itself to keep you safe from new threats? If it's a name that
you know and trust, it's probably OK to go ahead and allow the
action. If you don't recognize the name and publisher, or if the
publisher is listed as Unknown, then we may have an issue. If you've
recently downloaded or installed a program that you wouldn't expect
to change your Windows settings and it pops up a box, this is an
indication that it may be malicious. This is an instance where you
probably want to deny access.
Once you've decided that
the program listed in the box is suspicious, the easiest action is to
run a simple Google search. In most cases, you aren't the first
person to encounter this issue. Other people have taken to the
Internet to find out what this program is and why it's trying to
access your computer. If it's something malicious, you'll
immediately see red flags in your Google search such as pages titled
Virus, Spyware or Adware. One of the most common malware programs
that we encounter is a toolbar called CouponBar. When I type
CouponBar into Google, in the first page of results I see: Virus
Warning!, ...is an adware program..., (adware. couponbar), How do i
remove the coupon bar adware from my computer?, and pages on
spywareguide.com and spybot.info. In all, 6 out of the first 10
pages listed refer to some form of malware, either in the title, the
description, or the page's address. The other 4 are offers to
download CouponBar. This tells me that even if I installed CouponBar
on purpose I probably shouldn't grant it access to my system. Other
searches, such as a search for msiexec.exe will not be so obvious.
Some sites indicate that it may be malware, while other sites
indicate that it may be part of the Windows operating system. In
cases like this, it's safest to deny the program access and consult
somebody that's more familiar with computers. Let them know what you
were doing when the box popped up, what exactly the box said, and
what programs were running. This way they'll have the tools to
diagnose your system and tell whether your system was performing
scheduled maintenance, or if you have malware masquerading as a
benign system process.
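
The publisher check and the msiexec.exe question above can also be answered from PowerShell before you click anything. This is an added example, not part of the original post; the function name Get-UacPromptFileReport is hypothetical, and it assumes you know the full path of the program named in the box.

```powershell
# Added example: report on the file named in a UAC prompt.
function Get-UacPromptFileReport {
    param(
        [Parameter(Mandatory)]
        [string]$Path
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }
    $file = Get-Item -LiteralPath $Path
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName

    # Publisher comes from the signing certificate. An unsigned file has none,
    # which is the case the UAC box shows as an Unknown publisher.
    # Older PowerShell versions may report catalog-signed Windows files as NotSigned.
    $publisher = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { 'Unknown' }

    # Is the file actually stored under %SystemRoot%?
    $root   = [System.IO.Path]::GetFullPath($env:SystemRoot).TrimEnd('\') + '\'
    $inRoot = $file.FullName.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)

    # A file outside %SystemRoot% that shares its name with a System32 file
    # (for example a second msiexec.exe) may be masquerading as a system process.
    $twin      = Join-Path $env:SystemRoot ("System32\" + $file.Name)
    $borrowed  = (-not $inRoot) -and (Test-Path -LiteralPath $twin -PathType Leaf)

    $verdict = if ($borrowed) {
        'Deny: system file name used outside the Windows folder'
    } elseif ($sig.Status -ne 'Valid') {
        'Deny and investigate: no valid signature'
    } else {
        'Signed: allow only if you recognize the publisher'
    }

    [pscustomobject]@{
        Path               = $file.FullName
        Status             = $sig.Status
        Publisher          = $publisher
        InSystemRoot       = $inRoot
        BorrowsSystemName  = $borrowed
        Verdict            = $verdict
    }
}

# The genuine Windows Installer binary:
Get-UacPromptFileReport -Path "$env:SystemRoot\System32\msiexec.exe"
```

A valid signature only tells you who published the file, so the verdict for signed files still depends on whether that publisher is one you expected to see.
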
As always, the safest bet
is to have an up-to-date version of an anti-malware program running at
all times. That way most threats should be neutralized before that
pop-up window ever appears. UAC is a system that was developed by
Microsoft to make it harder to invade your system, but it's not a
catch-all. Malware developers have come up with ways to circumvent
this feature. The easiest way for them to do that is to trick you
into clicking Yes on that pop-up box. Hopefully, we've given you
some tools that will allow you to know when it's safe to say Yes, and
when you need to dig a little deeper.